<?php
require_once('include/inc_database.php');
require_once('include/inc_useraccount.php');


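// Open DB connection.
$dbobj = new DatabaseObject();
$dbobj->OpenConnection();

$auth = new UserAccount();

// Read the form fields defensively: a missing key must not raise a notice,
// and must fail the checks below rather than slip past them as null.
$recIDRaw   = isset($_POST['recID']) ? $_POST['recID'] : '';
$username   = isset($_POST['username']) ? $_POST['username'] : '';
$content    = isset($_POST['content']) ? trim($_POST['content']) : '';
$robotToken = isset($_POST['robot_detector']) ? $_POST['robot_detector'] : '';

// Audit columns are generated server-side; nothing here comes from the request body.
$ipAddedBy = $_SERVER['REMOTE_ADDR'];
$commentDate = date("Y-m-d H:i:s", time());


// Check for dumb, evil robots.
// NOTE(review): this is a fixed value that the page's JavaScript is expected to
// fill in, so it only stops clients that never read the HTML. It is NOT a CSRF
// token: a forged cross-site POST from a logged-in browser can supply it just as
// easily. A per-session random token checked here would be needed for that.
if ($robotToken !== "abcfed") {
	echo "<p>Error.  Please enable Javascript.";
	exit();
}

// Only an authenticated user may post, and the posted username must match the
// session's user. The explicit empty-value check covers the case where
// AuthenticatedUser() reports "nobody" as null/false/'' (its contract is not
// visible here) and the form omitted the username — the two would otherwise
// compare equal and the check would pass.
$currentUser = $auth->AuthenticatedUser();
if ($currentUser === null || $currentUser === false || $currentUser === ''
	|| $username !== $currentUser) {
	echo "<p>Not logged in.  Must log in to post a recommendation.";
	exit();
}


// Check comment length. strlen() counts bytes, so for multi-byte text the 2000
// limit is a byte limit; left as-is since it presumably mirrors the column size.
$contentLength = strlen($content);
if ($contentLength > 2000 || $contentLength <= 2) {
	echo "<p>Comment length out of range. (" . $contentLength . " characters, limit 2000)";
	exit;
}


// recID is interpolated into two SQL statements and into the redirect URL, so it
// must be a plain unsigned integer. Anything else is rejected outright rather than
// cast silently: a bare (int) cast would turn "1 OR 1=1" into 1 and hide the abuse.
if (!is_string($recIDRaw) || !ctype_digit($recIDRaw)) {
	echo "<p>Invalid recommendation ID.";
	exit();
}
$recID = (int) $recIDRaw;

// Next per-recommendation sequence number.
// NOTE(review): MAX()+1 followed by INSERT is not atomic; two concurrent posts to
// the same recID can obtain the same commentNumber unless the table has a unique
// key on (recID, commentNumber). Not changed here because the schema is not visible.
$commentNumber = (int) $dbobj->GetFirstCell(
	"SELECT IFNULL(MAX(commentNumber)+1,1) FROM mr_recComment WHERE recID = " . $recID
);

// $recID and $commentNumber are integers, $commentDate and $ipAddedBy are
// server-generated, and the two user-controlled strings pass through
// ValToSQL_str(); nothing from the request reaches the statement unescaped.
$dbobj->SendQuery(
	"INSERT INTO mr_recComment (recID, commentNumber, commentDate, username, content, ipAddedBy)"
	. " VALUES ($recID, $commentNumber, '$commentDate', "
	. ValToSQL_str($currentUser) . ", " . ValToSQL_str($content) . ", '$ipAddedBy')"
);


// $recID is an int at this point, so the Location value cannot carry
// attacker-chosen characters.
header("Location: rec.php?recID=" . $recID);
exit();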
?>

